
Enterprise Mobility + Security


Howdy folks,

We have launched so many public previews and so many capabilities have reached GA recently that even if you are a follower of our blog you might have missed this bit of news:

#AzureAD PowerShell v2.0 is now in public preview!

We know that for many Azure AD and Windows Server AD admins, PowerShell is an essential tool – something you rely on every day to get your job done. So we’re really pumped to finally get this new version into your hands.

To give you a quick rundown on this new version, I’ve asked Rob de Jong, the PM who drives our PowerShell efforts, to write up a guest blog, which you will find below.

I hope you’ll find these new cmdlets useful!

And as always, we’d love to receive any feedback or suggestions you have.

Best Regards,

Alex Simons (Twitter: @Alex_A_Simons)

Director of Program Management

Microsoft Identity Division

——————-

Hi everyone,

It’s Rob de Jong here and today I’m excited to give you a quick tour of the new #Azure AD PowerShell v2.0 which is now in public preview.

PowerShell is an important tool in the toolkit of nearly every IT professional who manages Azure Active Directory, and we’ve just recently released the public preview of our new V2 version of Azure Active Directory PowerShell cmdlets. This preview release marks the first step on a journey to renew the existing MSOL PowerShell cmdlets which you are so familiar with, and we’re seeing an amazing number of customers already using our new cmdlets with their production Azure Active Directory.

We have been getting great feedback on the need for publishing updates to the new module to address all the new scenarios that are now available in Azure Active Directory and the team is working hard to add new capabilities. All new capabilities will be provided through the new AzureAD PowerShell Module and you will see continual updates, and meanwhile we’re also working on making all functionality of the old MSOL module available in the new module.

When complete, you will be able to rely completely on the new AzureAD module for all of your needs.

So please start using the new AzureAD module and give us feedback – your feedback is critical to our shared success!

Azure AD PowerShell module features

One of the key features of the new module is a close alignment of the PowerShell functionality with the Graph API capabilities. We are also moving towards a faster and more agile release process for new or updated functionality of these cmdlets.

The new PowerShell cmdlets already provide more functionality in several areas, most notably for Modern Authentication and MFA, and include new management capabilities for Applications and Certificate Authority through PowerShell.

For a full list of all available cmdlets and how to use them, please read our AzureAD PowerShell reference documentation here: https://msdn.microsoft.com/en-us/library/azure/mt757189.aspx

Over time, we will fully replace the existing MSOL cmdlets. You will see regular new functionality updates to this preview release until the complete replacement is available.

Some changes

As you will notice, some things have changed when compared to the existing MSOL library. First of all – we have updated the names of all cmdlets to conform with the Azure PowerShell naming conventions. Since we’re publishing a new module for these cmdlets, the name of the module has changed as well: the existing module’s name was “MSOL”, the new module is called “AzureAD”. So where e.g. an existing cmdlet was named “New-MSOLUser”, which adds a new user to the directory, the new cmdlet’s name is “New-AzureADUser”.

Secondly – the parameters for the new cmdlets sometimes changed as well. As we are developing cmdlets in close alignment with the Graph API functionality, we’re also keeping the names of objects and parameters as close as possible to what is used in Graph API. An overview of Azure AD Graph API functionality can be found here: Getting started with Graph API

New functionality in AzureAD PowerShell

Using the -SearchString parameter

Based on feedback we received from early users of the V2 cmdlets, we introduced a new parameter “SearchString”. This parameter allows you to search for data in your directory based on a matching string value.

For example, executing the cmdlet

[screenshot of the cmdlet]

in my demo directory would return

[screenshot of the output]

while

[screenshot of the cmdlet]

returns

[screenshot of the output]

which are all users for which a string attribute matches the value “Marketing” – in my demo tenant, this would be the “Department” attribute. Please note that the SearchString search scope for users currently covers the attributes “City”, “Country”, “Department”, “DisplayName”, “JobTitle”, “Mail”, “mailNickName”, “State”, and “UserPrincipalName”.

Managing Token Lifetime policy settings

We’re including several new cmdlets in this release that can be used to manage Token Lifetime settings in your directory and that will support operations on Policy, ServicePrincipalPolicy and PolicyAppliedObject objects. More information and examples for this functionality can be found here.

Managing Certificate Authority using PowerShell for Azure AD

These are the new cmdlets that are used to manage Certificate Authority:

  • New-AzureADTrustedCertificateAuthority – Adds a new certificate authority for the tenant
  • Get-AzureADTrustedCertificateAuthorities – Retrieves the list of certificate authorities for the tenant
  • Remove-AzureADTrustedCertificateAuthority – Removes a certificate authority for the tenant
  • Set-AzureADTrustedCertificateAuthority – Modifies a certificate authority for the tenant

Please refer to https://azure.microsoft.com/en-us/documentation/articles/active-directory-certificate-based-authentication-ios/#getting-started for detailed information on how to use these cmdlets.

Managing Applications in Azure AD using PowerShell

Several new cmdlets have been added to enable management of Applications in Azure AD using PowerShell. There is a set of cmdlets to create, modify and remove Applications:

  • New-AzureADApplication
  • Remove-AzureADApplication
  • Set-AzureADApplication

We also offer capabilities to manage Directory Extensions in PowerShell:

  • Get-AzureADApplicationExtensionProperty
  • New-AzureADApplicationExtensionProperty
  • Remove-AzureADApplicationExtensionProperty

There are new cmdlets to manage Owners for an Application:

  • Add-AzureADApplicationOwner
  • Get-AzureADApplicationOwner
  • Remove-AzureADApplicationOwner

And finally, we’re offering new capabilities to manage credentials for Applications in PowerShell:

  • Get-AzureADApplicationKeyCredential
  • New-AzureADApplicationKeyCredential
  • Remove-AzureADApplicationKeyCredential
  • Get-AzureADApplicationPasswordCredential
  • New-AzureADApplicationPasswordCredential
  • Remove-AzureADApplicationPasswordCredential
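
A credential-hygiene check built on the application cmdlets listed above, as an added example that is not part of the original post or Microsoft's own code: it classifies each application's password and key credentials as expired, expiring soon or long-lived, and records how many owners the application has. It assumes `Get-AzureADApplication -All` and the `KeyId`, `StartDate` and `EndDate` properties of the module's credential objects; the function names, thresholds and sample objects are hypothetical.

```powershell
# Added example, not from the original post. Thresholds are assumed policy values.
function Get-AppCredentialFinding {
    param(
        [Parameter(Mandatory)] [string]   $AppName,
        [Parameter(Mandatory)] [string]   $CredentialType,  # 'Password' or 'Key'
        [Parameter(Mandatory)] [object[]] $Credentials,     # objects with KeyId/StartDate/EndDate
        [int]      $MaxLifetimeDays = 365,                  # assumption: one-year maximum validity
        [int]      $WarnDays = 30,                          # assumption: 30-day rotation warning
        [datetime] $Now = (Get-Date)
    )
    foreach ($c in $Credentials) {
        $lifetime = [int]($c.EndDate - $c.StartDate).TotalDays
        $status = if ($c.EndDate -lt $Now) {
            'Expired'          # stale credential still registered on the application
        } elseif ($c.EndDate -lt $Now.AddDays($WarnDays)) {
            'ExpiringSoon'     # rotate before dependent services lose access
        } elseif ($lifetime -gt $MaxLifetimeDays) {
            'LongLived'        # validity period exceeds the assumed policy
        } else { 'OK' }
        [pscustomobject]@{ App = $AppName; Type = $CredentialType; KeyId = $c.KeyId
                           EndDate = $c.EndDate; LifetimeDays = $lifetime; Status = $status }
    }
}

function Get-TenantAppCredentialFinding {
    # Live run: needs the AzureADPreview module and an existing Connect-AzureAD session.
    foreach ($app in Get-AzureADApplication -All $true) {
        $owners = @(Get-AzureADApplicationOwner -ObjectId $app.ObjectId)
        $sets = @{
            Password = @(Get-AzureADApplicationPasswordCredential -ObjectId $app.ObjectId)
            Key      = @(Get-AzureADApplicationKeyCredential -ObjectId $app.ObjectId)
        }
        foreach ($type in $sets.Keys) {
            if ($sets[$type].Count -eq 0) { continue }   # nothing registered of this type
            Get-AppCredentialFinding -AppName $app.DisplayName -CredentialType $type -Credentials $sets[$type] |
                Add-Member -NotePropertyName OwnerCount -NotePropertyValue $owners.Count -PassThru
        }
    }
}

# Constructed sample credentials (not real tenant data) so the classifier runs offline.
$now = [datetime]'2016-12-01'
$sample = @(
    [pscustomobject]@{ KeyId = 'sample-1'; StartDate = [datetime]'2015-01-01'; EndDate = [datetime]'2016-01-01' }
    [pscustomobject]@{ KeyId = 'sample-2'; StartDate = [datetime]'2016-01-01'; EndDate = [datetime]'2016-12-15' }
    [pscustomobject]@{ KeyId = 'sample-3'; StartDate = [datetime]'2016-06-01'; EndDate = [datetime]'2026-06-01' }
)
Get-AppCredentialFinding -AppName 'Demo App' -CredentialType Password -Credentials $sample -Now $now |
    Format-Table App, Type, KeyId, LifetimeDays, Status
```

Against a tenant, `Get-TenantAppCredentialFinding | Where-Object Status -ne 'OK'` gives the list to rotate or remove; an `OwnerCount` of 0 next to a live credential marks an application nobody is accountable for.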

Here is a short video that demonstrates how you can use these new cmdlets to manage access to Applications in your directory.

We invite you to try out the new AzureAD PowerShell V2 module, which you can install from the PowerShell Gallery here: http://www.powershellgallery.com/packages/AzureADPreview.

Check out the new capabilities and let us know what you think!

Regards,

Rob